From fa332f1d3c1bdc026b6bb9cfed7d3045210b6551 Mon Sep 17 00:00:00 2001
From: root <vinz@trans.am>
Date: Mon, 4 Nov 2019 15:08:29 +0100
Subject: [PATCH] support for 4096 bits certificates

---
 RELEASENOTES.md                                    | 1 +
 lib/bearssl-esp8266/src/t_bearssl_tasmota_config.h | 4 ++++
 tasmota/my_user_config.h                           | 1 +
 3 files changed, 6 insertions(+)

diff --git a/RELEASENOTES.md b/RELEASENOTES.md
index edbe1f9de..f7554a990 100644
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
@@ -125,6 +125,7 @@ The following binary downloads have been compiled with ESP8266/Arduino library c
 | USE_MQTT_TLS          | - | - | - | - | - | - | - |
 | USE_MQTT_TLS_CA_CERT  | - | - | - | - | - | - | - |
 | USE_MQTT_AWS_IOT      | - | - | - | - | - | - | - |
+| USE_4K_RSA            | - | - | - | - | - | - | - |
 | USE_KNX               | - | - | - | x | - | - | - |
 | USE_WEBSERVER         | x | x | x | x | x | x | x |
 | USE_JAVASCRIPT_ES6    | - | - | - | - | - | - | - |
diff --git a/lib/bearssl-esp8266/src/t_bearssl_tasmota_config.h b/lib/bearssl-esp8266/src/t_bearssl_tasmota_config.h
index fdf4f8f13..732cdf9e6 100644
--- a/lib/bearssl-esp8266/src/t_bearssl_tasmota_config.h
+++ b/lib/bearssl-esp8266/src/t_bearssl_tasmota_config.h
@@ -20,8 +20,12 @@
 #endif
 
 #ifndef BR_MAX_RSA_SIZE
+#ifdef USE_4K_RSA
+#define BR_MAX_RSA_SIZE 4096    // max 4096 bits RSA keys
+#else
 #define BR_MAX_RSA_SIZE 2048    // max 2048 bits RSA keys
 #endif
+#endif
 
 #ifndef BR_MAX_EC_SIZE
 #define BR_MAX_EC_SIZE 256      // max 256 bits EC keys
diff --git a/tasmota/my_user_config.h b/tasmota/my_user_config.h
index a351ee51d..b3f3ca14b 100644
--- a/tasmota/my_user_config.h
+++ b/tasmota/my_user_config.h
@@ -284,6 +284,7 @@
 //  #define USE_MQTT_AWS_IOT                       // Enable MQTT for AWS IoT - requires a private key (+11.9k code, +0.4k mem)
                                                  //   Note: you need to generate a private key + certificate per device and update 'tasmota/tasmota_aws_iot.cpp'
                                                  //   Full documentation here: https://github.com/arendst/Tasmota/wiki/AWS-IoT
+//  #define USE_4K_RSA                             // Support 4096 bits certificates, instead of 2048
 
 // -- KNX IP Protocol -----------------------------
 //#define USE_KNX                                  // Enable KNX IP Protocol Support (+9.4k code, +3k7 mem)